Google ads phishing scams (and how to avoid them)

What is phishing?

Phishing scams are attempts by fraudsters to trick you into entering or sharing personal information, by disguising themselves as trustworthy organisations.

Scammers may, for instance, create a fake site that looks like Luno and trick you into entering your username and password on that site. If you don’t have two-factor authentication enabled, they simply visit the actual Luno website and can clear out your account.

Phishing can be done in various ways, such as emails, online ads or disguised websites. The scams are designed to appear identical to the format of the entity that they are pretending to be, including the branding.

While it's important to be aware of the various types of phishing, the main one that we will review today is phishing via Google adverts, which seems to be gaining popularity around the web.

How Google AdWords phishing works

When you do a search in a search engine like Google for any given topic, you’ll often see results that include a mix of paid advertising and organic search results. Below are the results for the search term “credit card” when made from Malaysia.

Many people don’t notice it, but the first two results are actually adverts; note the green block that says “Ad” before the URL. They are shown at the top of the page because those companies paid Google to list them first for the search term “credit card”.

The majority of these adverts are legitimate. Luno also makes use of Google advertising, since we can show relevant adverts for customers interested in certain things (like bitcoin!).

A legitimate advert for Luno

Fraudsters sometimes create advertisements on Google AdWords for keywords relating to the website they are replicating. The advert often appears as the first result at the top of the search page, which can lead unsuspecting customers to a scam site.

The phishing web page will look like a legitimate website sign up or login page. After you enter your login details on the fake site, they then use them to log into the real website and steal your funds.

Real-world example

We recently noticed an AdWords scam, targeting us and our customers. When you search for “luno” the following advert shows:

Noticed anything phishy? The advert takes you to the website www.luino.co (not www.luno.com) and is obviously a phishing page.

We immediately report these incidents to Google and elsewhere (more on that below), but it’s worth stating many times: always make sure that you are actually dealing with the Luno website.

Warning signs to look out for

Scammers are becoming more sophisticated at making their scam sites look legitimate. It is difficult to be certain that you have been directed to a phishing site, but here are some signs to look out for that can help you identify them:

Check the website URL. Often the URL of a phishing site appears to be correct but contains a misspelling of the company name or has a character/symbol before or after it. Look for subtle differences such as the substitution of the number "1" for the letter "l". For example, www.1uno.com instead of www.luno.com.

Before clicking on a Google ad, make sure the company name in the URL under the heading of the ad is correct.

Beware of pop-ups. If you go to a website that immediately displays a pop-up window asking you to enter your login details (and if this behaviour is out of the ordinary), it's likely that it is a phishing site. You may be on a genuine website but the scammers may have used a pop-up to get your personal information.

Some of the usual indicators of a safe site can't always be trusted, and it's important to be aware of them. For example, an icon of a locked padlock to the left of the URL is not necessarily a reliable sign of a genuine website: the padlock only means the connection is encrypted, and a scammer can obtain a certificate for a lookalike domain they control just as easily as a legitimate company can.

Be wary of being asked to share details that the site doesn’t normally ask you for.

Scan the content of the website. Often, the website content may contain typos and grammatical mistakes.

If you're suspicious, enter a fake password. If it works and you appear to be signed in, it is likely you're on a phishing site.
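The URL checks described above (a misspelling such as luino.co, a swapped character such as "1" for "l", extra characters around the name, or a different top-level domain) can be made mechanical. The following is an added example in Python, not Luno's code and not part of the original post. It assumes the reader knows the host they intended to reach (here www.luno.com), uses a small constructed table of confusable characters, and treats the last two labels of a host as its registrable domain, which is a simplification (a real implementation would consult the Public Suffix List).

```python
"""Lookalike-domain check for URLs seen in adverts, emails or links.

Added example (not Luno's code). Given the host a user meant to visit,
flag URLs whose host imitates it and say what differs.
"""
from urllib.parse import urlsplit

# Constructed, illustrative table of confusable sequences mapped to a
# canonical form. Multi-character entries come first so "rn" is handled
# before "r" or "n" could be touched by anything else.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def host_of(url: str) -> str:
    """Lowercase hostname of a URL; a bare host without a scheme is accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable(host: str) -> str:
    """Last two labels of a host, e.g. 'www.luno.com' -> 'luno.com'.
    Simplification: real code should use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def canonical(name: str) -> str:
    """Map confusable sequences so that '1uno' and 'luno' collide."""
    for seq, repl in CONFUSABLES:
        name = name.replace(seq, repl)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-letter typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, expected_host: str) -> dict:
    """Compare the host in `url` with the host the user meant to visit.

    Returns {"host", "verdict", "reasons"}. verdict is "ok" for the expected
    domain (or a subdomain of it), "lookalike" when the host imitates it,
    and "different" when it is simply some other domain.
    """
    host = host_of(url)
    expected_reg = registrable(host_of(expected_host))
    got_reg = registrable(host)
    if got_reg == expected_reg:
        return {"host": host, "verdict": "ok", "reasons": []}

    exp_name, exp_tld = expected_reg.rsplit(".", 1)
    got_name, got_tld = got_reg.rsplit(".", 1)
    reasons = []

    # Real name buried in a subdomain of someone else's domain,
    # e.g. luno.com.secure-login.example
    if exp_name in host.split(".")[:-2]:
        reasons.append("real name used as a subdomain of another domain")

    canon_got = canonical(got_name)
    if got_name != exp_name and canon_got == exp_name:
        reasons.append("character substitution in the name (e.g. '1' for 'l')")
    elif got_name != exp_name and exp_name in got_name:
        reasons.append("extra characters added before or after the name")
    elif got_name != exp_name and edit_distance(canon_got, exp_name) <= 2:
        reasons.append("misspelling of the name")

    # Punycode labels can hide non-ASCII lookalike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised domain name; check for lookalike characters")

    # A different TLD only counts once the name itself resembles the real one.
    if got_tld != exp_tld and (reasons or got_name == exp_name):
        reasons.append(f"different top-level domain (.{got_tld} instead of .{exp_tld})")

    return {"host": host, "verdict": "lookalike" if reasons else "different", "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample URLs, including the two from the post.
    for u in ("https://www.luno.com/login", "http://www.luino.co",
              "http://www.1uno.com", "https://luno.com.secure-login.example/",
              "https://example.org"):
        print(u, "->", check_url(u, "www.luno.com"))
```

Run it directly and it prints a verdict and the reasons for each sample URL. The check is deliberately conservative about what it calls a lookalike: an unrelated domain is reported as "different", not "lookalike", so that the reasons list only ever contains the concrete tricks named above.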